Recently during the Black Hat Security Conference, researchers highlighted vulnerability in the Chrome OS which could result in the theft of personal information of users. The threats were identified mainly from the reliance of Chrome on Extensions. Researchers identified several extensions whose bugs can inject code into the browser and steal required information. After this, there were expectations that there will be hue and cry about this in Chrome forum and Chrome OS community. But it is quite surprising to note that Chrome forums and community have been keeping quite about it.

Possible Reasons

The possible reasons for this can be the fact that researchers have pointed out extensions being the main culprit behind vulnerability of Chrome OS. But one thing to note is the fact that all the extensions available in Chrome Web Store indicates clearly about the amount of privacy you are giving by using them. If an extension is able to see everything you will receive a high alert. Similarly, if the extension sees your left data on website you get a medium alert while if the extension sees you bookmarks and installed apps, you get a medium alert.

Moreover the bug highlighted by researchers Matt Johansen and Kyle Osborn were that of cross-site exploit. This point has been highlighted in the Chromium blog by software engineer Eric Kay. In the post, Mr Kay has said that Chrome extensions are equipped with several in-built protection which makes it pretty difficult to inject a malicious code. He, however, made it clear that certain pattern of codes might open up risks of XSS attacks. In his blog, Mr Kay had given ideas of writing healthier extensions.

We would like to know from our users their opinion about the bug highlighted in the Chome OS through their comments. Do you think that the bugs will impact the popularity of Chrome OS and how will these impact the sales of Chromebooks?